GRE over IPsec: configuration with the new commands
Topology:
Configuration:
R1:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key root address 192.168.23.3
!
!
crypto ipsec transform-set r1set esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile r1profile
set transform-set r1set
!
!
!
!
!
!
interface Loopback0
ip address 192.168.1.1 255.255.255.0
!
interface Tunnel1
ip address 172.16.13.1 255.255.255.0
tunnel source Serial0/0
tunnel destination 192.168.23.3
tunnel key 120314
tunnel protection ipsec profile r1profile
!
interface Serial0/0
ip address 192.168.12.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 1.1.1.1
log-adjacency-changes
network 172.16.13.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.12.2
R2:
interface Serial0/0
ip address 192.168.12.2 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
ip address 192.168.23.2 255.255.255.0
serial restart-delay 0
R3:
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 3600
crypto isakmp key root address 192.168.12.1
!
!
crypto ipsec transform-set r3set esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile r3profile
set transform-set r3set
!
!
!
!
!
!
interface Loopback0
ip address 192.168.3.3 255.255.255.0
!
interface Tunnel3
ip address 172.16.13.3 255.255.255.0
tunnel source Serial0/1
tunnel destination 192.168.12.1
tunnel key 120314
tunnel protection ipsec profile r3profile
!
interface Serial0/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/1
ip address 192.168.23.3 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 100
router-id 3.3.3.3
log-adjacency-changes
network 172.16.13.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.23.2
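Note: with the new commands (an IPsec profile applied to the tunnel interface with tunnel protection), a crypto map and an interesting-traffic ACL are no longer needed.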
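The configurations above use 3DES, MD5, DH group 2 and a four-character pre-shared key, and the tunnel only comes up when both ends agree on these settings. As an added example (not part of the original post), this Python check audits one endpoint for those weak parameters and for a tunnel protection line that names an undefined profile, then compares the two ends. The group 14 floor and the 16-character key minimum are assumed policy values, and the sample is a constructed excerpt of R1 and R3.

```python
import re

# Constructed sample: crypto-relevant lines of R1 from this page; R3 mirrors it.
R1 = """\
crypto isakmp policy 10
 encr 3des
 hash md5
 group 2
crypto isakmp key root address 192.168.23.3
crypto ipsec transform-set r1set esp-3des esp-md5-hmac
crypto ipsec profile r1profile
 set transform-set r1set
interface Tunnel1
 tunnel destination 192.168.23.3
 tunnel key 120314
 tunnel protection ipsec profile r1profile
"""
R3 = R1.replace("r1", "r3").replace("192.168.23.3", "192.168.12.1").replace("Tunnel1", "Tunnel3")
WEAK = {"des", "3des", "md5", "esp-des", "esp-3des", "esp-md5-hmac"}

def parse(cfg):
    one = lambda p: (re.search(p, cfg, re.M) or [None, None])[1]
    return {  # \s* tolerates configs pasted without indentation, as on this page
        "encr": one(r"^\s*encr (\S+)"), "hash": one(r"^\s*hash (\S+)"),
        "group": one(r"^\s*group (\d+)"), "gre_key": one(r"^\s*tunnel key (\S+)"),
        "psk": one(r"^crypto isakmp key (\S+) address"),
        "prot": one(r"^\s*tunnel protection ipsec profile (\S+)"),
        "tsets": dict(re.findall(r"^crypto ipsec transform-set (\S+) (.+)$", cfg, re.M)),
        "profiles": dict(re.findall(
            r"^crypto ipsec profile (\S+)\n\s*set transform-set (\S+)", cfg, re.M)),
    }

def audit(cfg):
    """Findings for one router: weak parameters and broken profile bindings."""
    c = parse(cfg)
    out = [f"IKE {k} {c[k]} is weak" for k in ("encr", "hash") if c[k] in WEAK]
    if c["group"] and int(c["group"]) < 14:  # assumption: group 14 is the floor
        out.append(f"DH group {c['group']} is weak")
    if c["psk"] and len(c["psk"]) < 16:  # assumption: local key-length policy
        out.append("pre-shared key is short")
    tset = c["profiles"].get(c["prot"])  # profile named by tunnel protection
    if tset is None:
        out.append("tunnel protection names an undefined profile")
    out += [f"transform {t} is weak" for t in c["tsets"].get(tset, "").split() if t in WEAK]
    return out

def mismatches(a, b):  # settings that must be identical on both tunnel endpoints
    a, b = parse(a), parse(b)
    return [k for k in ("encr", "hash", "group", "psk", "gre_key") if a[k] != b[k]]
```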
Analysis: comparing with the earlier analysis, we can obtain
Packet capture analysis:
Test:
Reposted from: https://blog.51cto.com/692344/849389